Exchange 2010 edge antispam gone crazy

Hello,
So we have an Exchange 2010 infrastructure, with 2 edge servers lying in the DMZ with EdgeSync configured.
Now we also had that option to "block messages sent to recipients that do not exist in directory" enabled. All was good until a few days ago, when it went berserk and started blocking everyone, with an NDR "550 5.1.1 user unknown", so now it's disabled.
One of the few changes that might have caused this is that we added a new tree domain under the same forest; it's been prepared so Exchange can see it. Not sure if that could have caused this?
Any ideas?

Hi Abdallah,
According to the description, I notice that all users on our Exchange server can’t receive messages, and senders get NDR “550 5.5.1 User unknown”.
Following article relates to Anti-Spam mail flow, for your reference:
http://technet.microsoft.com/en-us/library/aa997242.aspx
What is the impact: are all senders blocked by the Edge server, or only some specific senders?
Based on the link above, I suggest double-checking the configuration of both “Connection Filtering” and “Sender Filtering”.
More details to check:
1. Whether the sender IP is in the IP Block List.
2. Whether the sender IP is in the IP Block Provider’s RBL.
3. Whether the sender address is from a blocked domain.
4. Whether the message is from a blocked sender.
5. Whether the recipient is on the Block List.
Please also try restarting Active Directory Lightweight Directory Services for testing.
Please double check the Receive Connector configuration.
If there is any related Error message in App Log, please paste it in details without sensitive information for the further troubleshooting.
Best Regards,
Allen Wang
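
To tell which of the checks above (or recipient validation itself) is producing the rejections, the anti-spam agent log can be grouped by agent and reason. The following is an added example, not part of the original thread: the function name, the sample rows and their reason strings are constructed, and the input is assumed to have the property names of `Get-AgentLog` records.

```powershell
# Added example: summarise anti-spam agent log rejections by agent and reason.
# Expects objects shaped like Get-AgentLog output (Agent, Reason, SmtpResponse,
# Recipients, IPAddress). Written for PowerShell 2.0, as used by Exchange 2010.
function Get-RejectionSummary {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Entry,
        [string] $ResponsePattern = '550 5.1.1*'
    )
    begin { $hits = @() }
    process {
        # Keep only entries whose SMTP response matches the NDR being investigated.
        if ("$($Entry.SmtpResponse)" -like $ResponsePattern) { $hits += $Entry }
    }
    end {
        $hits | Group-Object -Property Agent, Reason |
            Sort-Object -Property Count -Descending |
            ForEach-Object {
                $group = $_
                $rows  = $group.Group
                New-Object PSObject -Property @{
                    Agent      = $rows[0].Agent
                    Reason     = $rows[0].Reason
                    Rejections = $group.Count
                    Recipients = @($rows | ForEach-Object { $_.Recipients } | Sort-Object -Unique).Count
                    SenderIPs  = @($rows | ForEach-Object { $_.IPAddress } | Sort-Object -Unique).Count
                } | Select-Object Agent, Reason, Rejections, Recipients, SenderIPs
            }
    }
}

# Constructed sample rows (documentation addresses, made-up reason strings).
function New-SampleEntry($ip, $rcpt, $agent, $reason, $resp) {
    New-Object PSObject -Property @{
        IPAddress = $ip; Recipients = $rcpt; Agent = $agent
        Reason = $reason; SmtpResponse = $resp
    }
}
$sample = @(
    (New-SampleEntry '192.0.2.10'   'alice@corp.example' 'Recipient Filter Agent' 'RecipientDoesNotExist' '550 5.1.1 User unknown'),
    (New-SampleEntry '198.51.100.7' 'bob@corp.example'   'Recipient Filter Agent' 'RecipientDoesNotExist' '550 5.1.1 User unknown'),
    (New-SampleEntry '203.0.113.5'  'carol@corp.example' 'Recipient Filter Agent' 'RecipientDoesNotExist' '550 5.1.1 User unknown'),
    (New-SampleEntry '203.0.113.9'  'alice@corp.example' 'Connection Filtering Agent' 'BlockListProvider' '550 5.7.1 Blocked')
)

# Many distinct recipients and sender IPs rejected by the Recipient Filter Agent
# point at the directory data used for recipient validation, not at a block list.
$sample | Get-RejectionSummary | Format-Table -AutoSize

# On the Edge server the same summary would come from the real log:
#   Get-AgentLog -StartDate (Get-Date).AddDays(-1) | Get-RejectionSummary
```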

Similar Messages

  • Using Exchange 2010 Edge server as an SMTP gateway without other roles

    I am looking to implement a simple SMTP gateway solution for a few applications to relay emails and hence am not looking at a full fledged Exchange deployment. As SMTP component is no longer available in Windows Server 2012, I would like to know if the Exchange
    2010 Edge role can function as a simple SMTP gateway solution without having the other roles of Exchange 2010 deployed like the CAS, Hub and Mailbox ?
    My requirements from this SMTP gateway solution would be the ability to append disclaimers, relay restrictions based on IP addresses and sender email addresses, and provide both authenticated and unauthenticated relay access.
    Any inputs would be highly appreciated. Thanks in advance.

    Hi again
    I decided to test the scenario - just for fun, and it seems to work. A strange setup :-)
    So you will have to prepare your schema and AD - and create an Exchange organisation.
    Then you will have to assign the receive connector(s) AD permission to relay outside the organisation - by default it can only relay internal, but since your mailsystem is "outside" seen from Exchange - you'll need to do that.
    Is your AD domain the same as your SMTP namespace? Because then you have to make it external relay after you have removed it from the e-mail address policy :-)
    BR
    Steen

  • EXCHANGE 2010 - Edge server with forefront FULL OF SPAM

    Hi there.
    We have received on Exchange 2010 EDGE server a lot of spam, 200k messages in queue.
    We have stopped inbound SMTP traffic on firewall to stop the attack.
    Any suggestion how to empty the queue? I've heard there is a way to rename the "Exchange queue folder" but forget the procedure.
    How to stop the attacker?
    bostjanc

    Hi There,
    Use the KB below to find the Queue DB, then stop the service listed in the KB, rename the old DB and create a new one with the same name, then start the service.
    http://www.ntweekly.com/?p=653
    Exchange Blog:
    www.ntweekly.com
    MCSA, MCSE, MCITP:SA, MCITP:EA, MCITP:Enterprise Messaging Administrator 2010,MCTS:Virtualization

  • Exchange 2010 Edge server shows previous version

    I have an Exchange 2010 environment with the Edge role installed on TMG and its working fine.  All servers have had SP3 installed and rebooted.
    I am trying to introduce my first Exchange 2013 server into the environment but the readiness check tells me not all the servers have SP3.  On the Edge server it shows SP3 is installed but from all other Exchange servers it shows SP2.
    Any ideas?
    Thanks

    For anyone else wondering.  I've done this in my lab, and I didn't have to remove the old subscription, just export the file from your edge server, copy it to any server running emc internally and import it, then force a sync and the version should update.
    On edge server open exchange powershell and run
         New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"
    Import edge file into new server
    You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "EdgeSync" entry in the Transport Permissions topic.
    1. In the console tree, navigate to Organization Configuration > Hub Transport.
    2. In the result pane, click the Edge Subscriptions tab.
    3. In the action pane, click New Edge Subscription. On the New Edge Subscription page, complete the following fields:
       - Active Directory site: Click Browse, and then select an Active Directory site in the drop-down list. This field identifies the Active Directory site where the Hub Transport server is connecting to the Edge Transport server for which the Edge Subscription exists.
       - Subscription file: Click Browse, and then select an Edge Subscription file.
       - Automatically create a Send connector for this Edge Subscription: Select this check box to automatically create a Send connector that routes messages from the Exchange organization to the Internet. The Edge Subscription is configured as the source server for the Send connector. The Send connector is configured to route messages to all domains by using Domain Name System (DNS) MX resource records.
    4. Click New to create the new Edge Subscription.
    5. On the Completion page, review the following, and then click Finish to close the wizard:
       - A status of Completed indicates that the wizard completed the task successfully.
       - A status of Failed indicates that the task wasn't completed. If the task fails, review the summary for an explanation, and then click Back to make any configuration changes.
         Start-EdgeSynchronization -Server Hub01 -TargetServer Edge03 -ForceFullSync
  • Exchange 2010 Edge Transport - Not being detected by SCOM agent?

    All,
    I recently installed the SCOM 2007 R2 agent onto our Edge Transport server for Exchange 2010.  Our architecture is pretty simple.  We have a DMZ network where I have a SCOM 2007 R2 Gateway server and our Edge Transport server.
    Essentially it goes like this:
       Edge Transport Server Agent <-> Gateway Server <-> SCOM RMS server
    I have the Exchange 2010 and the FOPE for Exchange 2010 MP's loaded on our RMS server.  When I loaded the SCOM 2007 R2 agent onto our Edge server, the agent discovered it had FOPE and does reflect as such on the RMS server, but it did not seem to pick
    up that it was also the Exchange Edge Transport role.
    I looked on the RMS server in the Authoring -> Object Discoveries and the Edge transport is set to discover, so I am a little stumped as to why the agent didn't discover the role.
    Any suggestions where to look next?

    Just a little more detail on this.  I've been working on this exact issue for probably 3 weeks with an engineer. 
    This issue is actually a bug in the Exchange 2010 MP. 
    How is it a bug exactly?  Well, the MP is looking for the Active Directory site that the Edge Server is a member of... let's think about this, the Edge server is NOT domain joined, and as such, shouldn't have an active directory site. 
    Additionally, the regkey path referenced above is incorrect, though it seems that numerous others have figured that out on their own as well.  The correct regkey path should be:
    hklm>system>currentcontrolset >services>netlogon>parameters
    So sure, this "fixes" the issue - but the real issue is that the MP is looking for an Active Directory site, on servers that aren't a member of an active directory site. Kind of a BIG oversight by the MP authors in my opinion.
    I'm sure there are plenty of orgs relying on SCOM to monitor their Exchange 2010 implementations that don't even realize that their Edge servers aren't being monitored for the Exchange roles.

  • Exchange 2010 edge transport server, degraded desktop / remote desktop

    I have a 2010 edge transport server loaded on windows server 2008 R2 that after about 3 days will no longer allow RDP connections or desktop logons due to a serious performance lag / time out. A reboot clears the performance issue for about another 3 days. 
    I allowed an RDP connection to stay open for the 3 days and it continues to work however actions like trying to load the task manager, start button, computer or any windows not currently open takes an extremely long time. Task manager and perf mon show very
    little processor and memory usage. 
    Tried the following to resolve:
    Replaced hard drives (raid 1)
    Replaced server (moved drives from one server to another chassis)
    Monitoring iops, memory usage and proc transactions. Nothing shows any unusually high usage.
    I tried disabled AV services, log monitoring and backup services both while the issue was happening and as preventative measure before the issue arose.  

    Hi, can you check if by any chance you have bandwidth limitations configured, either on the router or on your switch? I had this kind of issue and it ended up being a bandwidth issue which was configured wrongly. You said this is happening with RDP. How's the performance when accessing locally?
    Did you check performance counters and event viewer? Anything there?
    Thanks, Happiness Always
    Jatin

  • Exchange 2010 Edge and Sophos PureMessage

    Experiencing a dilemma with Exchange Edge server 2010 + Sophos PureMessage.
    After installing Sophos PureMessage on Exchange Edge server, there is a significant increase in SPAMS. 
    I was just wondering if anyone has any knowledge about this issue who are in Exchange and PureMessage environment. 
    Sophos technical support is pretty much "zzzzzz" since they don't even mention about 3rd party technical KB.
    Any thoughts would be highly appreciated.
    Thanks!

    Hi,
    I suggest enabling Exchange Anti-Spam instead of using Sophos PureMessage.
    If you have to use Sophos PureMessage, I suggest go to Sophos PureMessage Support for help.
    Thanks

  • How to close OPEN RELAY on Exchange 2010 EDGE server

    How to close open relay on it?
    Server passed OPEN relay test and we would like to avoid spammers attacking us. With best regards
    bostjanc

    Get-ReceiveConnector | Get-ADPermission | where {($_.ExtendedRights -like "*SMTP-Accept-Any-Recipient*")} | where {$_.User -like '*anonymous*'} | ft identity,user,extendedrights
    Identity                                      User                          ExtendedRights
    EXCHANGE-EDGE\Default internal receive co...  NT AUTHORITY\ANONYMOUS LOGON  {ms-Exch-SMTP-Accept-Any-Recipient}
    Recreated RECEIVE CONNECTOR on EDGE solved it.
    bostjanc
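
The query in the post above, turned into a reusable audit filter. This is an added example, not part of the original thread: the function name and the sample ACE objects are constructed, and the input is assumed to have the property names of `Get-ADPermission` output. The preview string uses `Remove-ADPermission` with `-WhatIf` as an alternative to recreating the connector.

```powershell
# Added example: flag receive connector ACEs that let anonymous senders relay.
# Input objects are shaped like Get-ADPermission output (Identity, User,
# ExtendedRights, Deny, IsInherited). PowerShell 2.0 compatible.
function Find-AnonymousRelayGrant {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Ace)
    process {
        $right  = 'ms-Exch-SMTP-Accept-Any-Recipient'
        # Real ExtendedRights entries are objects; compare on their string form.
        $rights = @($Ace.ExtendedRights | ForEach-Object { "$_" })
        $isAnonymous = "$($Ace.User)" -like '*ANONYMOUS LOGON'
        # Skip Deny ACEs: they withhold the right rather than grant it.
        if ($isAnonymous -and ($rights -contains $right) -and -not $Ace.Deny) {
            New-Object PSObject -Property @{
                Connector = "$($Ace.Identity)"
                User      = "$($Ace.User)"
                Inherited = [bool]$Ace.IsInherited
                # Preview only: -WhatIf shows the change without applying it.
                Preview   = ('Get-ReceiveConnector "{0}" | Remove-ADPermission -User "{1}" -ExtendedRights "{2}" -WhatIf' -f
                             $Ace.Identity, $Ace.User, $right)
            } | Select-Object Connector, User, Inherited, Preview
        }
    }
}

# Constructed sample ACEs (connector names are placeholders).
function New-SampleAce($id, $user, $rights, $deny) {
    New-Object PSObject -Property @{
        Identity = $id; User = $user; ExtendedRights = $rights
        Deny = $deny; IsInherited = $false
    }
}
$aces = @(
    # Normal for an Internet-facing connector: anonymous may submit mail.
    (New-SampleAce 'EDGE01\Connector A (constructed)' 'NT AUTHORITY\ANONYMOUS LOGON' @('ms-Exch-SMTP-Submit', 'ms-Exch-SMTP-Accept-Any-Sender') $false),
    # Open relay: anonymous may address any recipient, including external ones.
    (New-SampleAce 'EDGE01\Connector B (constructed)' 'NT AUTHORITY\ANONYMOUS LOGON' @('ms-Exch-SMTP-Accept-Any-Recipient') $false),
    # Authenticated relay is not an open relay and is not flagged.
    (New-SampleAce 'EDGE01\Connector B (constructed)' 'NT AUTHORITY\Authenticated Users' @('ms-Exch-SMTP-Accept-Any-Recipient') $false)
)

$aces | Find-AnonymousRelayGrant | Format-List

# Against a live server:
#   Get-ReceiveConnector | Get-ADPermission | Find-AnonymousRelayGrant
```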

  • Some help with migrating exchange 2010 to exchange 2013 + installing another exchange 2010 to be edge-forefront-proxy server

    Hi guys (and girls)!
    Hear me out. The idea is like this:
    A friend of mine currently has Exchange 2010 SP3 in his environment with Forefront Protection installed on it. As we all know Forefront Protection is discontinued in Exchange 2013 environment because Exchange 2013 on-premises is using integrated tool for doing that, but a friend of mine would really like to stick with Forefront Protection because it is "much better tool" than integrated stuff in 2013.
    Ok, so here's the idea. Exchange 2010 SP3 with Forefront is installed on physical machine (so, not virtualized) on 2008 r2 std OS. We decided to move to Exchange 2013 because we wanted to achieve DAG on Exchange 2010 but we realized that is not possible because 2008 R2 STD OS does not support failover-clustering functionality, but you are able to achieve that on newer OS for example 2012? Ok, so we bought another server, where we are planning to install Vmware Esxi and put two virtual machines on it.
    One will be 2012 r2 STD OS with Exchange 2013 on it, the other will be 2008 r2 STD with Exchange 2010 Edge role + Forefront on it. We are planning to move Exchange 2010 production server to virtual machine Exchange 2013, and newly virtual machine with Exchange 2010 edge server will only be "a kind of Proxy server with Forefront functionality". What concerns me?
    Should we install Exchange 2010 edge transport 1st, or Exchange 2013? I think I have read somewhere after you put Exchange 2013 in production you are "unable" to install any previous Exchange versions, is that true?
    One more question about what happens after you install another Exchange 2010 with Edge role in production environment? Does installation affect a production environment, let's say we do just a clean installation of Exchange + ran updates?
    Which roles do you need to install on Exchange 2010 to achieve Edge role? Do you need to have all the roles installed for having Edge server (mailbox, hub, cas?).
    bostjanc

    Should we install Exchange 2010 edge transport 1st, or Exchange 2013? I think I have read somewhere after you put Exchange 2013 in production you are "unable" to install any previous Exchange versions, is that true?
    Already answered by PS CL above.
    One more question about what happens after you install another Exchange 2010 with Edge role in production environment? Does installation affect a production environment, let's say we do just a clean installation of Exchange + ran updates?
    No it does not, as long as you don't make any changes on send/receive connector and do the EdgeSubscription. As soon as you do the Edge subscription there will be send/receive connector created, so pay attention to how you set up the Edge Server.
    Which roles do you need to install on Exchange 2010 to achieve Edge role? Do you need to have all the roles installed for having Edge server (mailbox, hub, cas?).
    Just install the Edge Transport Server and make sure you install ADLDS services.
    As you have mentioned you are going to install both Mailbox and Edge server on the same VMware - it is a single point of failure.

  • Edge 2013 sp1 with exchange 2010 organisation.

    Dear reader,
    I have an Exchange 2010 SP3 organisation with 1 client access server with hub transport and a 2 node DAG. Can I install a stand-alone Exchange 2013 SP1 Edge role on a separate machine in DMZ and subscribe the Exchange 2010 hub transport to it? This is in preparation to move to Exchange 2013 SP1 later this year. The current Exchange 2010 edge role is installed on a TMG 2010 machine. Since TMG 2010 is dropped and we also have issues with the current edge's mailflow, I'd like to have a dedicated Exchange edge.
    Best regards,
    Ruud Boersma
    MCITP Enterprise administrator

    Sure, You can install Edge of Exchange 2013 on a dedicated server in DMZ and subscribe with Exchange 2010 Transport server.
    Or you can allow the Existing Exchange 2010 Edge server to serve your internet mail flow till the time you implement Exchange 2013 in the environment. I would suggest Exchange 2013 CU5 as a lot of issues were fixed in that which were identified with Exchange
    2013 SP1.

  • Mails blocked in queue the moment forefront for exchange 2010 started

    Hi,
    We have newly installed Forefront Protection 2010 for Exchange 2010 on our Exchange 2010 Edge Server.
    Mails got stuck in the queue immediately after the Forefront installation.
    Mail flow works properly once we unhook Forefront from Exchange.
    We need to enable Forefront. Got stuck on this. How to proceed further?
    Thanks,
    Pradeep

    Hi,
    Please compare your configuration with the following blog or video. These might help.
    http://araihan.wordpress.com/2010/03/15/forefront-protection-2010-how-to-install-and-configure-forefront-protection-2010-for-exchange-server-2010step-by-step/
    http://www.youtube.com/watch?v=b2BgTmeXwUs
    (Note: Microsoft provides third-party contact information to help you find technical support. This contact
    information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
    Best Regards,
    Joyce

  • Forefront for exchange 2010 setup wizard preinstall update request

    I'm trying to install FPE, but even before I install and after the extraction of the files im getting the following error message on both my CAS servers.
    I have the following roles installed on this Client Access Server im using for the initial install of Forefront.
    Do I need to install active directory domain services before I continue.

    Hi,
    Firstly, please refer to the similar thread below:
    FSEMachinePrep.exe fails saying Server Unavailable
    Based on my research, Microsoft Forefront Protection 2010 for Exchange Server (FPE) can be deployed on Exchange Edge Transport, Hub Transport, Mailbox server, or combined Hub/Mailbox roles.
    Exchange 2010 requires Active Directory to be in place except for the Exchange 2010 Edge role (for DMZ) which can be deployed in a workgroup with Active Directory Lightweight Directory Services. Both Exchange (Mailbox, HUB and CAS role) and therefore FPE requires an Active Directory on site.
    Did you set up a domain environment for exchange server? If yes, please check the group membership of the user and make sure that it is a member of the Organization
    Management role group. In addition, please also make sure that you can connect to the primary domain controller on the CAS servers.
    More information:
    Microsoft Exchange Server 2010: Exchange Server and Active Directory
    Best regards,
    Susie

  • Exchange 2013 edge

    Hi!
    Today we have a site with Exchange 2013 multi-role servers. On our DMZ we have 2 exchange 2010 edge servers. We are planning to install 2 new Exchange 2013 edge servers that will replace the ones currently installed. When the new servers are installed and
    we have created the edge subscription, will all edge servers (2010 and 2013) be used until we remove the old ones? 
    Regards,
    UC

    yes.

  • Exchange Server 2010 Edge - Port Change

    I am learning Exchange 2010 and have set it up. BUT my ISP blocks port 25 so I thought no problem I have a windows VPS set up I will install an Exchange Edge Server there and then it will work. However it looks like exchange uses port 25 to send the messages
    to the Edge server.
    I have used this command to change the ports of the send connectors but my router shows it is still trying to send on port 25. Any ideas?
    Set-SendConnector “EdgeSync - Home To Internet” -port 2525
    Set-SendConnector “EdgeSync - Inbound to Home” -port 2525
    Get-SendConnector | fl
    shows the ports as set to 2525
    Any Ideas?

    For home learning I would recommend you approached this from a slightly different angle.
    Don’t make any changes to your servers that you would not encounter in a real environment.
    Get a POP3 connector (POPCON is cheap) and pull all email from your gmail account using that application.
    That application will then dump the messages using SMTP to your Edge or your HT (you choose)
    Outbound messages are obviously SMTP and you can configure your servers to authenticate to your ISPs relay and send messages in the normal way.
    Mark Arnold, Exchange MVP.

  • Exchange Server 2010 Edge Transport Subscription Issue while moving Internal CA Certificate to 3rd Party Certificate

    My Client have a Exchange 2010 Organization with Single Domain Single Forest.
    They were using Internal CA Certificate and a TLS Cert.
    As a POC we are doing a POC for Exchange 2010 Hybrid Office 365 Environment.
    For this 3rd Party CA is Mandatory and they have bought a Geo Trust Certificate.
    Now when they have installed cert on both HUB as well as EDGE servers, he was prompted to do edge subscription again.
    HUB and CAS are combined on the server at both Main and DR Site.
    When they try to do edge subscription again they are getting the following error.
    SYED WASIL UDDIN Infrastructure Consultant/System Engineer Premier Systems (Pvt.) Ltd.

    I was finding out the solution and got this.
    1-Certificate will import on both EDGE and HUB Servers.
    2-Edge Sync will use Self-Sign Certificate (but I am unable to find how do I configure this)
    3-some communication between Edge and Hub will be encrypted via 3rd party Certificate.
    Could anyone suggest which services on HUB must be based on this 3rd party cert?
    All the external communication must be encrypted via 3rd party CA and communication between HUB-EDGE will set on self-sign Cert. How do I do this.
    SYED WASIL UDDIN Infrastructure Consultant/System Engineer Premier Systems (Pvt.) Ltd.
    Hi,
    Please run Get-ExchangeCertificate | fl to check your Exchange certificate settings. Also confirm if the 5E470560626E313646730C177FCA66728E2BAFF7 certificate is your trusted 3rd party cert.
    Please use Enable-ExchangeCertificate cmdlet to assign SMTP service to your self-signed certificate in your Edge server.
    Regards,
    Winnie Liang
    TechNet Community Support
